[issue3122] hg clone puts user password in .hg/hgrc
Matthew Giannini
bugs at mercurial.selenic.com
Tue Nov 22 08:50:11 CST 2011
New submission from Matthew Giannini <mgiannini at tridium.com>:
If you hg clone and give a URL that includes username at password, then
Mercurial will put the full URL including the password into the resulting
.hg/hgrc file in the [paths] section for "default".
I think the clone should "scrub" the default repository URL and remove any
password. If users want auto-injection of the password they should configure
[auth] in their user-specific .hgrc files or explicitly put the password into
the .hg/hgrc file. But Mercurial should not do this by default.
----------
messages: 18143
nosy: mgiannini
priority: bug
status: unread
title: hg clone puts user password in .hg/hgrc
____________________________________________________
Mercurial issue tracker <bugs at mercurial.selenic.com>
<http://mercurial.selenic.com/bts/issue3122>
____________________________________________________
More information about the Mercurial-devel
mailing list